Hardcoded Credentials in Vasion Print Virtual Appliance Host and Application
CVE-2025-34196

9.3CRITICAL

Key Information:

Vendor

Vasion

Status
Print Virtual Appliance Host
Print Application
Vendor
CVE Published:
29 September 2025

What is CVE-2025-34196?

Vasion Print products, specifically the Virtual Appliance Host and Windows client applications, exhibit serious security risks due to hardcoded credentials. The applications include a hardcoded private key for the Certificate Authority (CA) along with a password in configuration files. This exposes the CA certificate and sensitive settings through accessible configuration files like clientsettings.dat and defaults.ini. Malicious actors with access to these files can impersonate the CA, allowing them to sign certificates trusted by the client, conduct man-in-the-middle attacks, and compromise TLS communication security.

Affected Version(s)

Print Application Windows * < 25.1.1413

Print Virtual Appliance Host Windows * < 25.1.102

References

https://help.printerlogic.com/saas/Print/Security/Securit...
vendor-advisorypatch
https://pierrekim.github.io/blog/2025-04-08-vasion-printe...
technical-description
https://help.printerlogic.com/va/Print/Security/Security-...
vendor-advisorypatch

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pierre Barre
JSON
.
CVE-2025-34196 : Hardcoded Credentials in Vasion Print Virtual Appliance Host and Application